Route Origin Authorization

$ rpki-client -vvf 0.sb/repo/sb/33/38342e33382e3234372e302f32342d3234203d3e203136353039.roa
File:                     38342e33382e3234372e302f32342d3234203d3e203136353039.roa (raw, json)
Hash identifier:          0oh6A7eA90q/WtDlb3DI0abzbjK2IneZEFx5RE7MV1c=
Subject key identifier:   90:A6:34:C4:69:83:96:9C:86:48:BE:32:A4:97:1B:C6:43:33:8D:A3
Certificate issuer:       /CN=861a9d357d53d5459484a1f5921704e762641a62
Certificate serial:       62D2D55AB795E6D3CBE02704C278B840E7F3B7AE
Authority key identifier: 86:1A:9D:35:7D:53:D5:45:94:84:A1:F5:92:17:04:E7:62:64:1A:62
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hhqdNX1T1UWUhKH1khcE52JkGmI.cer
Subject info access:      rsync://0.sb/repo/sb/33/38342e33382e3234372e302f32342d3234203d3e203136353039.roa
Signing time:             Wed 06 Dec 2023 05:15:05 +0000
ROA not before:           Wed 06 Dec 2023 05:10:05 +0000
ROA not after:            Wed 04 Dec 2024 05:15:05 +0000
asID:                     16509
IP address blocks:        84.38.247.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://0.sb/repo/sb/33/861A9D357D53D5459484A1F5921704E762641A62.crl
                          rsync://0.sb/repo/sb/33/861A9D357D53D5459484A1F5921704E762641A62.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hhqdNX1T1UWUhKH1khcE52JkGmI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 16:59:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            62:d2:d5:5a:b7:95:e6:d3:cb:e0:27:04:c2:78:b8:40:e7:f3:b7:ae
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=861a9d357d53d5459484a1f5921704e762641a62
        Validity
            Not Before: Dec  6 05:10:05 2023 GMT
            Not After : Dec  4 05:15:05 2024 GMT
        Subject: CN=90A634C46983969C8648BE32A4971BC643338DA3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:97:05:05:82:52:3b:ee:79:c9:98:cb:df:2d:
                    7e:e9:2c:98:4a:71:6b:63:6c:94:a9:f8:13:14:bd:
                    df:cc:6e:45:ab:a0:29:6d:27:f3:fc:d4:ff:67:2b:
                    55:ad:41:1c:86:40:56:46:02:b1:9b:d0:6b:5b:bd:
                    9c:bf:44:83:52:05:21:d2:bb:2c:68:e7:fe:86:cb:
                    54:96:ce:83:84:f5:d6:fb:74:e6:8b:26:61:17:9d:
                    a5:06:6e:fb:9a:6b:74:fa:08:a4:13:21:39:5a:f0:
                    69:0d:e1:8c:0e:5d:51:ac:fc:94:3e:74:93:fc:39:
                    97:d3:c8:ef:82:86:ab:fa:34:fa:e2:e1:99:00:60:
                    d8:0b:ca:04:08:11:e2:f8:fa:35:6a:50:2b:38:02:
                    cf:ef:59:6e:42:98:9c:da:f4:46:2d:a3:28:62:41:
                    8d:13:55:d2:c4:2d:75:0d:1e:c1:34:d7:82:09:ec:
                    49:ec:22:6a:52:d1:ab:ab:67:ce:76:83:05:dd:0d:
                    99:47:3b:5f:f4:60:bb:e1:94:ef:73:8f:c8:75:00:
                    28:9b:94:51:d9:d0:7b:32:fb:af:e8:48:40:cc:8a:
                    5e:a1:bd:60:b0:1a:67:d8:7b:49:21:8d:ae:ab:06:
                    4b:31:29:a8:0b:4e:05:31:00:1d:28:ed:f3:c8:e6:
                    c8:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                90:A6:34:C4:69:83:96:9C:86:48:BE:32:A4:97:1B:C6:43:33:8D:A3
            X509v3 Authority Key Identifier:
                keyid:86:1A:9D:35:7D:53:D5:45:94:84:A1:F5:92:17:04:E7:62:64:1A:62

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://0.sb/repo/sb/33/861A9D357D53D5459484A1F5921704E762641A62.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hhqdNX1T1UWUhKH1khcE52JkGmI.cer

            Subject Information Access:
                Signed Object - URI:rsync://0.sb/repo/sb/33/38342e33382e3234372e302f32342d3234203d3e203136353039.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.38.247.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ad:b2:02:07:cc:51:f2:29:2e:40:1f:d2:19:dc:ce:ae:29:76:
         b8:f8:f6:f2:e7:4a:e3:64:b1:3b:d6:fb:17:c5:e4:31:87:43:
         34:c4:ad:f9:27:d7:83:3d:e7:ce:b9:1c:89:31:64:2d:15:28:
         98:04:b8:56:18:9a:a8:6f:44:3c:9c:bf:06:46:df:4a:33:16:
         13:87:2d:0e:84:60:b8:65:4a:39:bc:7d:a3:11:0e:b4:ac:51:
         83:84:57:71:92:14:c5:01:2b:53:4c:96:2c:a4:7a:0b:0a:a1:
         b1:ef:8e:89:bf:c0:74:9e:05:0f:b9:fe:04:c6:0c:85:ad:0b:
         89:ee:94:f2:3b:21:49:f1:77:94:d7:dd:1e:cb:43:a2:59:ff:
         77:6e:2d:c5:59:88:fa:21:5d:9e:bf:ee:96:0c:14:d5:f5:77:
         78:d2:b0:89:40:22:1c:63:1c:09:78:0b:82:38:95:9b:87:c2:
         4e:d1:0c:6a:27:53:73:d0:54:91:f6:6f:8e:91:7e:8e:fe:5c:
         81:6f:05:ab:b7:9f:9f:b1:14:75:d2:96:b2:0e:40:49:49:5c:
         64:08:5b:02:9e:44:5e:8b:74:16:10:ad:0e:64:20:57:a6:68:
         1e:5d:07:60:a3:c4:6b:21:41:76:0a:7c:fd:d9:c4:5a:21:a9:
         c9:33:55:e7
-----BEGIN CERTIFICATE-----
MIIEsDCCA5igAwIBAgIUYtLVWreV5tPL4CcEwni4QOfzt64wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODYxYTlkMzU3ZDUzZDU0NTk0ODRhMWY1OTIxNzA0ZTc2
MjY0MWE2MjAeFw0yMzEyMDYwNTEwMDVaFw0yNDEyMDQwNTE1MDVaMDMxMTAvBgNV
BAMTKDkwQTYzNEM0Njk4Mzk2OUM4NjQ4QkUzMkE0OTcxQkM2NDMzMzhEQTMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC2lwUFglI77nnJmMvfLX7pLJhK
cWtjbJSp+BMUvd/MbkWroCltJ/P81P9nK1WtQRyGQFZGArGb0GtbvZy/RINSBSHS
uyxo5/6Gy1SWzoOE9db7dOaLJmEXnaUGbvuaa3T6CKQTITla8GkN4YwOXVGs/JQ+
dJP8OZfTyO+Chqv6NPri4ZkAYNgLygQIEeL4+jVqUCs4As/vWW5CmJza9EYtoyhi
QY0TVdLELXUNHsE014IJ7EnsImpS0aurZ852gwXdDZlHO1/0YLvhlO9zj8h1ACib
lFHZ0Hsy+6/oSEDMil6hvWCwGmfYe0khja6rBksxKagLTgUxAB0o7fPI5sjtAgMB
AAGjggG6MIIBtjAdBgNVHQ4EFgQUkKY0xGmDlpyGSL4ypJcbxkMzjaMwHwYDVR0j
BBgwFoAUhhqdNX1T1UWUhKH1khcE52JkGmIwDgYDVR0PAQH/BAQDAgeAMFUGA1Ud
HwROMEwwSqBIoEaGRHJzeW5jOi8vMC5zYi9yZXBvL3NiLzMzLzg2MUE5RDM1N0Q1
M0Q1NDU5NDg0QTFGNTkyMTcwNEU3NjI2NDFBNjIuY3JsMGQGCCsGAQUFBwEBBFgw
VjBUBggrBgEFBQcwAoZIcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkv
REVGQVVMVC9oaHFkTlgxVDFVV1VoS0gxa2hjRTUySmtHbUkuY2VyMGwGCCsGAQUF
BwELBGAwXjBcBggrBgEFBQcwC4ZQcnN5bmM6Ly8wLnNiL3JlcG8vc2IvMzMvMzgz
NDJlMzMzODJlMzIzNDM3MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzEzNjM1MzAz
OS5yb2EwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQ
MA4wDAQCAAEwBgMEAFQm9zANBgkqhkiG9w0BAQsFAAOCAQEArbICB8xR8ikuQB/S
GdzOril2uPj28udK42SxO9b7F8XkMYdDNMSt+SfXgz3nzrkciTFkLRUomAS4Vhia
qG9EPJy/BkbfSjMWE4ctDoRguGVKObx9oxEOtKxRg4RXcZIUxQErU0yWLKR6Cwqh
se+Oib/AdJ4FD7n+BMYMha0Lie6U8jshSfF3lNfdHstDoln/d24txVmI+iFdnr/u
lgwU1fV3eNKwiUAiHGMcCXgLgjiVm4fCTtEMaidTc9BUkfZvjpF+jv5cgW8Fq7ef
n7EUddKWsg5ASUlcZAhbAp5EXot0FhCtDmQgV6ZoHl0HYKPEayFBdgp8/dnEWiGp
yTNV5w==
-----END CERTIFICATE-----